Ivan Desiatov
Ivan Desiatov
Any updates on this? This seems like something that should be handled by openssl itself, using a flag on `X509_STORE` or something similar. For anyone facing the same issue, the...
Here's the header of the file, I assume everything below shouldn't be important. I'm also using the latest version available in the vscode extension (manually updated today with the download...
Hello, I won't have access to my windows machine for a couple more days, but I'll try to find some time to test once I get back. Thank you for...
Hello, just want to bump this, since this is something we also require where I work. I was hoping the 43.0.0 ClientVerifier would solve my issues, and it does to...
I like the python API that @nbastin suggests, but I think since we are trying to allow customizing verification to this extent, it shouldn't be limited to extension policies, and...
I'm not sure how to handle the built-int extension validators for the default policies on the python side, but I think they can be a different breed of `ExtensionValidator` with...
> Extension validation is not context free - validators must have access to the entire policy object or you can't do meaningful validation. Yes, I agree. I just thought of...
I currently have a working prototype of this feature with the API as outlined in the code snippet below. I would appreciate advice on what the next steps should be...
> I think for the policy, it'd be better to have a builder. And I think (?) we do want to support arbitrary extensions (@woodruffw I believe you have a...
I have a [branch in my fork of cryptography](https://github.com/deivse/cryptography/tree/custom_x509_validation_playground) (disclaimer: wip, lackluster tests and no docs). I haven't worked with pyopenssl before, but it seems that the only way to...